PM72186: NETSTAT ALL SENDSTALLED INDICATOR IS YES WHEN TCP CONNECTION IS RUNNING NORMALLY

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • The NetStat ALL SendStalled Yes indicator is normally used to
    indicate that an attack has been detected, negatively
    impacting performance.   However, in this case, despite the fact
    that there was no attack, and the TCPIP connection was
    performing normally, the Netstat ALL display still showed
    SendStalled Yes. In addition, NETSTAT STATS showed
    CurrentStalled Connections         = 1
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of the IBM Communications Server   *
    *                 for z/OS Version 1 Release(s) 13 IP          *
    ****************************************************************
    * PROBLEM DESCRIPTION: Display NETSTAT shows SENDSTALLED=YES   *
    *                      for a single TCP connection even though *
    *                      the connection was normally operating.  *
    *                                                              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    During Global TCP attack processing, a consideration was not
    taken into an account to check for window scaling.
    If a window scaling is in place, a small window size TCP
    header does not mean that the connection is exposed to an
    attack.
    A TCP header window size smaller than the MTU of
    the connection was considered as an attack which is not
    the case if window scaling is in place.
    Also, there was no indication of an attack. TCP communication
    for the connection was normal.
    +-------------------------------------------------------------+
    + Please check our Communications Server for OS/390 homepages +
    + for common networking tips and fixes.  The URL for these    +
    + homepages can be found in Informational APAR II11334.       +
    +-------------------------------------------------------------+
    

Problem conclusion

  • EZBTCRD has been amended to consider window scaling when
    processing global TCP attack conditions.
    
    * Cross Reference between External and Internal Names
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM72186

  • Reported component name

    TCP/IP V3 MVS

  • Reported component ID

    5655HAL00

  • Reported release

    1D0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-09-06

  • Closed date

    2012-10-11

  • Last modified date

    2012-12-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UK82632

Modules/Macros

  • EZBTCRD
    

Fix information

  • Fixed component name

    TCP/IP V3 MVS

  • Fixed component ID

    5655HAL00

Applicable component levels

  • R1D0 PSY UK82632

       UP12/11/28 P F211

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

z/OS family

Software version:

1D0

Operating system(s):

z/OS

Reference #:

PM72186

Modified date:

2012-12-04

Translate my page

Machine Translation

Content navigation